Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.
Instead, use one of the following private channels:
- GitHub Security Advisories — open a private report from the Security tab of the affected repository ("Report a vulnerability"). This is preferred.
- Email — write to neuron7x@ukr.net with the details below.
Please include:
- The repository and version / commit affected
- A description of the vulnerability and its impact
- Steps to reproduce (a minimal proof-of-concept is ideal)
- Any known mitigations or workarounds
What you can expect from us:
- Acknowledgement within 72 hours.
- Assessment and triage within 7 days, including a severity estimate.
- Coordinated disclosure: we will agree a disclosure timeline with you and credit you in the advisory unless you prefer to remain anonymous.
These repositories are research and engineering projects. Reports about the code in this account's repositories are in scope. Reports about third-party dependencies should be directed upstream, though we appreciate a heads-up so we can pin or patch.
Unless a repository states otherwise, only the latest release / main branch is supported with security fixes.